Well what if you encrypted the data? ie: password protected zip file, then I dont believe you have a violation. ----- Original Message ----- From: Jeff Brown To: NT System Admin Issues Sent: Friday, May 14, 2010 5:30 PM Subject: Re: HIPAA Question
I thought the hotmail reference was a total joke. protecting information, not having ID put together with personal medical information is only part of the equation. It is a violation to send pki over the internet CLEAR TEXT, which I believe anything sent to or from a hotmail account would fall into that category, so no matter what you did to secure the identity of the recipient, its still a violation, right? On Thu, May 13, 2010 at 6:33 PM, Jon Harris <[email protected]> wrote: Only someone that has done a lot of digging into HIPPA would know but that is what I thought as well. It is getting the correct person the password to the vault that concerns me. Anyone can send an email from any account and then get the information. Sending the connection information by email would be fine (I think) if it is was an anonymous account. It would concern me if someone was to get the password for the vault that way. Jon On Thu, May 13, 2010 at 7:28 PM, John Aldrich <[email protected]> wrote: On Thu May 13 2010, you wrote: > No, I was just joking about the Hotmail bit. ;-) > > On 5/13/2010 5:49 PM, Jon Harris wrote: > > Do you really think that sending this kind of information thru a > > Hotmail/Yahoo/gmail is any better? Maybe to send a link to one of the > > secure data transmission methods it would be an idea and maybe a good > > idea. No owner information without a lot of digging to find the owner > > of the hotmail/yahoo/gmail account. > > I would second that if you do this then you have the receiver call > > into the office and get the password to the secure vaulted information > > or better yet make them come in and get it. > > Jon > > I really think that the combination of an "anonymous" Hotmail or Gmail or yahoo account *along with* the vault is a good solution. That way there's nothing obvious to tie it back to the original medical facility, in case there's someone "shoulder surfing" etc. -- Thanks, John Aldrich Blueridge Industries IT Manager ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
